Subject: CVS commit: pkgsrc/audio/libtunepimp0.4
To: None <>
From: Lubomir Sedlacik <>
List: pkgsrc-changes
Date: 08/21/2006 17:55:01
Module Name:	pkgsrc
Committed By:	salo
Date:		Mon Aug 21 17:55:01 UTC 2006

Modified Files:
	pkgsrc/audio/libtunepimp0.4: Makefile distinfo
Added Files:
	pkgsrc/audio/libtunepimp0.4/patches: patch-ae

Log Message:
Security fix for CVE-2006-3600:

"A vulnerability in libtunepimp can be potentially exploited by
 malicious people to compromise a user's system.

 The vulnerability is caused due to a boundary error in the
 "LookupTRM::lookup()" function when retrieving album release dates.
 This can be exploited to cause a buffer overflow by returning an overly
 long release date string (more than 100 bytes).

 Successful exploitation may allow execution of arbitrary code in context
 of an application using the vulnerable library."

Patch from MusicBrainz SVN.  Bump PKGREVISION.

To generate a diff of this commit:
cvs rdiff -r1.2 -r1.3 pkgsrc/audio/libtunepimp0.4/Makefile
cvs rdiff -r1.1.1.1 -r1.2 pkgsrc/audio/libtunepimp0.4/distinfo
cvs rdiff -r0 -r1.1 pkgsrc/audio/libtunepimp0.4/patches/patch-ae

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.